Skip links

3DS2 deadline countdown – is your business ready?

Many SMEs believe they are too small to be of interest to fraudsters, but that is far from the truth. Sadly, credit card fraud is extremely prevalent amongst smaller businesses. Usually, banks take about 10 weeks to settle any chargeback disputes, which will inevitably have an impact on your cash flow.

But it’s not all doom and gloom. The card companies have developed a variety of defences against card fraud, including multifactor authentication, biometrics, and behavioural analytics. These measures, however, do not eliminate risks entirely, as fraudsters are constantly looking for ways around them.

A short guide to 3DS2

To ensure card users are who they said they are, a technology called 3D Secure was developed. It wasn’t a perfect system, which led to lots of customers abandoning their carts.

Visa and Mastercard further developed 3D Secure 2.0 (3DS2) to address this issue, and the new system seamlessly uses authentication data, artificial intelligence (AI) and machine learning (ML) for customers.

3DS2 authentication enables businesses to verify a cardholder’s identity before authorising transactions. It requires 2 out of 3 pieces of information: the user’s fingerprint, something the user owns, such as a phone number, or something the user knows, like a password.

3DS2 use resulted in a 70% reduction in cart abandonment and an 85% reduction in checkout times, according to Visa.

Our top 3 cost-saving tips for commerce inventory management

The Payment Services Directive 2 (PSD2) regulates electronic payments within Europe and was issued by the European Commission in 2018. Banks are required to perform strong customer authentication (SCA) for online payments under PSD2.

To interact with wider European payment services, UK businesses must comply with the EEA’s common legal framework for making and receiving payments. 3DS2 is promoted as a PSD2 compliant SCA solution. However, it can also be used outside of Europe on its own for customer authentication.

According to the Financial Conduct Authority, as of 14 March, card payments in the UK must include strong customer authentication (SCA), which requires 3DS2.

Businesses using the old 3DS1 authentication process will not be able to operate this system within the Visa framework as the company announced that from 15 October 2022, it will discontinue the support of 3-D Secure 1.0.2 and its related technology.

Other important dates to note in your calendar:

14 October 2022:

Mastercard will phase out 3D Secure 1. Meanwhile, American Express is terminating SafeKey 1.0 worldwide, their solution for 3DS1, except for India. It will officially move to 3DS2.

13 October 2023:

American Express is terminating SafeKey 1.0 in India and moving to 3DS2.

How to ensure you are compliant

Non-compliance with 3DS2 has serious ramifications for businesses whose revenue is at stake. Getting things wrong means, at best, abandoned carts and sales decline, and at worst, fines and FCA disciplinary action.

Merchants can enable 3D Secure 2 with the support of payment service providers. A payment gateway that supports 3D Secure 2 will offer several options tailored to your specific needs, ensuring you stay compliant with the latest payment regulations at all times.

But how to choose the right partner? Here are the key questions to ask yourself when considering a payment gateway:

Recurrent transactions

Review the percentage of your recurring transactions. SCA only requires authentication of the first transaction when a cardholder sets up recurring payments. Unless the transaction amount changes or the returning customer interactions have reached a certain threshold, or the transaction is a merchant-initiated transaction, SCA is not required for recurring transactions or returning customers.

Cart abandonment

Is this an ongoing issue for your online store? Consumers expect a fast, easy and safe checkout experience. Authentication with 3DS2 is based on biometric data and tokens, and using a fingerprint is much faster, easier, and more secure than using a password, resulting in a frictionless customer experience. This way, 3DS2 allows you to give clients greater control over their authentication experience.

Reducing fraud

By reviewing each transaction through a payment gateway, you will be able to conduct better risk analysis, which will result in a significant improvement in fraud prevention without compromising your customers’ experience during checkout.

From Trust Payments, TRU Connect makes your business totally compliant with 3DS 2 through any device or channel. We can help you enhance customer experience, especially on mobile devices. In the event of a fraudulent chargeback, your customer’s bank will be liable if they have approved the transaction authenticated with 3DS2.

To learn more, read our 3DS2 FAQ or get in touch.

Security statement

Security is our top priority at Trust Payments and we strive to ensure that all data is kept secure at all times We keep all customer data safe with AES256 encryption, SSL Certificates, and a minimum of TLS1.2, between your website and our datacentres.

Our systems are scanned quarterly using the Qualys PCI Platform, an independent Qualified Security Assessor (QSA) and approved vendors – Omnicybersecurity (UK) & Forgenix (US) – to ensure compliance with the security requirements of the card schemes.

We follow a number of rigorous security procedures on a daily basis including, but not limited to, continuous monitoring of our perimeter, dark web monitoring, and internal checks to ensure that CIA triad is maintained at all times.

Keep up with the latest in payments!

Fill the form below to sign up to our mailing newsletter.